package com.shirotest.component;

import java.util.ArrayList;
import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.web.servlet.HandlerInterceptor;

/**
 * 禁止不安全的请求方式，目前只保留GET
 */
public class SecurityInterceptor implements HandlerInterceptor {
	private static final List<String> allowedMethod = new ArrayList<String>();
	static {
		allowedMethod.add(HttpMethod.GET.name());
	}
	@Override
	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)	throws Exception {
		String method = request.getMethod();
		if(allowedMethod.contains(method)) {
			return true;
		}
		response.setStatus(HttpStatus.FORBIDDEN.value());
		return false;
	}
}
